No more typing reviews! Try our Samantha, our new voice AI agent.

Anomali vs Cortex XSIAM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 18, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.0
Anomali offers cost-effective solutions with significant ROI, reducing manual effort and enhancing efficiency through automation and AI-driven tasks.
Sentiment score
4.3
Cortex XSIAM achieved savings over $500,000 by automating over half of detection and response, optimizing incident management.
Analyst productivity has improved significantly, with hours saved because of automation and AI-driven work that Anomali performs.
Global Leadership Council at a tech company with 10,001+ employees
Anomali provides us with a very cost-effective value compared to the market, and I would rate it ten out of ten for return on investment metrics.
Solution Delivery Advisor at a tech vendor with 10,001+ employees
There is a return on investment concerning time and effort saved by 40% after implementing Anomali.
Security Consultant at Deloitte
 

Customer Service

Sentiment score
5.0
Anomali offers excellent enterprise support with quick, reliable assistance, though smaller client attention and professionalism have recently declined.
Sentiment score
6.1
Cortex XSIAM technical support experiences vary, with premium support praised for expertise, while distributor-based support quality fluctuates.
They have strong onboarding and deployment assistance, provide a dedicated technical account manager for large customers, and engage in regular product updates and customer interaction.
Global Leadership Council at a tech company with 10,001+ employees
The technical support at Anomali is excellent.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees
It doesn't seem very professional how they're handling support anymore.
Enterprise Security Architect V at FirstEnergy
With premium support, core Palo Alto technical experts handle issues directly.
Team Lead, Security at seamlessinfotech.com
It is ineffective in terms of responding to basic queries and addressing future requirements.
Associate Director at a financial services firm with 5,001-10,000 employees
I had a dedicated person allocated for supporting, and even with them, it was very good.
Cybersecurity Architect at a computer software company with 10,001+ employees
 

Scalability Issues

Sentiment score
8.0
Anomali offers scalable solutions by smoothly handling extensive threat data and integrating with security systems, supporting organizational growth.
Sentiment score
6.6
Cortex XSIAM excels in scalability and cloud deployment, though integration affects performance and some prefer more on-premises functionality.
The scalability is massive, allowing us to store millions of indicators.
Enterprise Security Architect V at FirstEnergy
I believe Anomali's scalability is good; whether it is an organization for ten people or one hundred thousand people, the job a threat intel platform has to do will be the same.
Sr. Threat Intelligence Analyst at a tech vendor with 10,001+ employees
Anomali's scalability is impressive as a mature platform capable of processing large amounts of threat intelligence and indicators of compromise data.
Global Leadership Council at a tech company with 10,001+ employees
Without proper integration, scaling up with more servers is meaningless.
Associate Director at a financial services firm with 5,001-10,000 employees
The SOC team is responsible for fully managing Cortex XSIAM.
Cybersecurity Architect at a computer software company with 10,001+ employees
Cortex XSIAM is highly scalable.
SOC Analyst at OVELOSEC
 

Stability Issues

Sentiment score
8.4
Users praise Anomali's high stability and enterprise-grade reliability, noting consistent performance despite occasional platform function changes.
Sentiment score
7.5
Cortex XSIAM is cloud-based, reliable, with minimal maintenance, and occasional update issues are quickly resolved, enhancing performance.
From a reliability perspective, Anomali consistently injects threat feeds, works on automation, performs reliable API integrations, and supports enterprise scale globally.
Global Leadership Council at a tech company with 10,001+ employees
For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.
Enterprise Security Architect V at FirstEnergy
The good thing is that they have a health check page, and if any issues arise, they notify us.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
The product was easy to install and set up and worked right.
Owner at Xelere
With continuous integration that the colleagues probably are doing, it is becoming better and better.
Cybersecurity Architect at a computer software company with 10,001+ employees
Overall, Cortex XSIAM is stable.
SOC Analyst at OVELOSEC
 

Room For Improvement

Anomali needs enhanced AI, simplified interfaces, better integration, consistent tagging, flexible reporting, clearer pricing, and intuitive workflows.
Cortex XSIAM needs better integration, usability, pricing, data management, and support for enhanced performance and flexibility.
Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees
Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
Anomali's ability to correlate and integrate different Threat Intel platforms, such as Mandiant and PolySwarm, is another valuable feature, removing duplicacy and enabling the application of specific IOCs across various security controls.
Associate Consultant at a tech vendor with 1,001-5,000 employees
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Associate Director at a financial services firm with 5,001-10,000 employees
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
SOC Analyst at OVELOSEC
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
Solutions Architect at ostec
 

Setup Cost

Anomali pricing is medium to high, with contracts of one to two years, managed by senior staff in discussions.
Cortex XSIAM is expensive with variable pricing, complexity in licensing, and additional costs for functionalities and resources.
Pricing and licensing are good, but the costs for purchasing threat feeds are somewhat complicated and a bit on the higher side.
Associate Consultant at a tech vendor with 1,001-5,000 employees
My experience with Anomali's pricing is that it is higher compared to other open-source alternatives.
Senior Information Technology Security Consultant at Mideast Data Systems
My experience with pricing, setup cost, and licensing is that there are not many follow-ups, but once we interacted with the product team or the leadership of Anomali, they managed a lot with us, and it all paid off to reach a conclusion that we would continue with this product.
Solution Delivery Advisor at a tech vendor with 10,001+ employees
The first impression is that XSIAM would be more expensive than others we tried.
Owner at Xelere
The product is very expensive.
Associate Director at a financial services firm with 5,001-10,000 employees
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
Director at MICROLOGIC NETWORKS PRIVATE LIMITED
 

Valuable Features

Anomali excels in threat intelligence by efficiently automating data integration, improving response times, and reducing manual workloads.
Cortex XSIAM enhances incident response with automation, integration, and machine learning, providing comprehensive network security and threat identification.
Regarding integration, Anomali has capabilities to integrate with different downstream applications such as Palo Alto, allowing us to create playbooks to block domains, URLs, or IPs directly within the firewall.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
Correlating IOCs with the telemetry data we are ingesting from our data sources allows us to pull monthly reports identifying how many assets and users interacted with malicious content, giving insight into whether communications failed or users accessed restricted content, providing complete visibility of the IOCs traveling throughout our environment.
Associate Consultant at a tech vendor with 1,001-5,000 employees
It aggregates intelligence from hundreds of sources, automatically de-duplicates, applies risk scoring, applies context, and reduces much manual effort.
Global Leadership Council at a tech company with 10,001+ employees
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
Solutions Architect at ostec
To have Cortex XSIAM available is to basically have integration of all log sources, all alerting, and so on and so forth from firewalls and different tools, to get everything in one place, and afterwards to be able to build on the information that is coming.
Cybersecurity Architect at a computer software company with 10,001+ employees
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
Owner at Xelere
 

Categories and Ranking

Anomali
Ranking in Security Information and Event Management (SIEM)
10th
Average Rating
8.0
Reviews Sentiment
6.2
Number of Reviews
13
Ranking in other categories
User Entity Behavior Analytics (UEBA) (5th), Advanced Threat Protection (ATP) (11th), Threat Intelligence Platforms (TIP) (3rd), Extended Detection and Response (XDR) (11th)
Cortex XSIAM
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
8.6
Reviews Sentiment
6.7
Number of Reviews
16
Ranking in other categories
Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (7th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Anomali is 1.4%, up from 0.3% compared to the previous year. The mindshare of Cortex XSIAM is 1.7%, down from 2.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Cortex XSIAM1.7%
Anomali1.4%
Other96.9%
Security Information and Event Management (SIEM)
 

Featured Reviews

TarunKumar11 - PeerSpot reviewer
Global Leadership Council at a tech company with 10,001+ employees
Strategic threat intelligence has improved detection speed and consistently reduces analyst workload
Anomali can be improved in various aspects. Its AI-driven automation can further advance, and AI-powered investigation summaries can improve. User experience could be enhanced through simplification of workflows. Better board-level cyber risk dashboards could provide easier visualization. Additionally, Anomali could work on simplifying the pricing structure. Although it excels in threat intelligence aggregation and operationalization, stronger GenAI capability, improved executive reporting, and a more intuitive workflow for analysts would further increase SOC efficiency and add more business value. Regarding Anomali's AI capabilities, governance and security are quite good. Anomali has incorporated AI and machine learning primarily to improve correlation and prioritization. These capabilities are valuable but could be more mature. The platform could achieve better threat correlation, prioritization, more anomaly detection, and allow AI to accelerate intelligence analysis while further improving quality and relevance. The accuracy and reliability of Anomali's AI output are fairly reasonable and good. The AI engine works well, but this capability could be improved. Better threat correlation with threat actors, certain indicators of compromise, malware, and campaigns is possible. Threat prioritization could increase, and alert noise could be reduced through further de-duplication. While reasonable, this is not the best available, and other products possibly have more AI maturity, such as Recorded Future and CrowdStrike Falcon.
reviewer2541030 - PeerSpot reviewer
Cybersecurity Architect at a computer software company with 10,001+ employees
Unified security monitoring has simplified incident response and improved automated threat handling
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually very in-depth. I mean, you can do most of the things and a lot of integration that you actually want. So if I want to choose to send things to WildFire, for example, I can choose to send it, I can choose to not send it. This basically offers flexibility to implement Cortex XSIAM in more standardized places where you maybe have a certification. I would say that the thing that maybe needs a bit more improvement is the fact that the one with the firewall because I have seen some things there that are kind of hard to manage. You do not really have a very easy way to manage those, unless you actually know where you have put them. So it is very inflexible. In the rest, you have a lot of playbooks that you can do and you can do lots of automation, which is actually easy to manage from what I have seen from my colleagues.
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
6%
Computer Software Company
12%
Manufacturing Company
10%
Financial Services Firm
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise14
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise5
 

Questions from the Community

What is your experience regarding pricing and costs for Anomali Enterprise?
My experience with pricing involved a yearly, two-year contract; I can't specify the setup cost, but it was aligned with our budget, so I consider it good.
What needs improvement with Anomali ThreatStream?
I can mention one point regarding improvements for Anomali, which is more enhanced reporting flexibility. The reporting provided to us is not too detailed and could be more enhanced. Better filteri...
What is your primary use case for Anomali ThreatStream?
I was using Anomali primarily for threat intelligence operations, security monitoring, and threat detection initiatives. I was part of the SOC team, and my role and responsibilities involved workin...
What is your experience regarding pricing and costs for Cortex XSIAM?
I did not participate in pricing discussions for Cortex XSIAM solutions, so I cannot provide a review regarding prices for this solution.
What needs improvement with Cortex XSIAM?
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually...
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
No data available
 

Overview

 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Information Not Available
Find out what your peers are saying about Anomali vs. Cortex XSIAM and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.